Vulnerability & Exploit Database

RHSA-2011:0845: bind security update

Severity

CVSS

Published

Added

Modified

5

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

May 31, 2011

June 02, 2011

July 04, 2017

Description

The Berkeley Internet Name Domain (BIND) is an implementation of the DomainName System (DNS) protocols. BIND includes a DNS server (named); a resolverlibrary (routines for applications to use when interfacing with DNS); andtools for verifying that the DNS server is operating correctly.An off-by-one flaw was found in the way BIND processed negative responseswith large resource record sets (RRSets). An attacker able to sendrecursive queries to a BIND server that is configured as a cachingresolver could use this flaw to cause named to exit with an assertionfailure. (CVE-2011-1910)All BIND users are advised to upgrade to these updated packages, whichresolve this issue. After installing the update, the BIND daemon (named)will be restarted automatically.